diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 45930a0e..f5783785 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.11.0 +version: 1.12.0 keywords: - argo-events - sensor-controller @@ -17,4 +17,4 @@ icon: https://argoproj.github.io/argo-events/assets/logo.png home: https://github.com/argoproj/argo-helm annotations: artifacthub.io/changes: | - - "[Changed]: Update to Argo Events 1.6.0" + - "[Added]: Add aggregate-roles (sync with upstream manifests)" diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 7f7d41c5..b6c9a407 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -33,8 +33,11 @@ You can install the CRDs manually from `crds` folder. |-----|------|---------|-------------| | additionalSaNamespaces | list | `[]` | Create service accounts in additional namespaces specified The SA will always be created in the release namespaces | | additionalServiceAccountRules | list | (See [values.yaml]) | Additional rules | +| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. Only applies for cluster-wide installation (`singleNamespace: true`) | +| fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template | | imagePullPolicy | string | `"Always"` | The image pull policy | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| nameOverride | string | `""` | String to partially override "argo-events.fullname" template | | registry | string | `"quay.io"` | docker registry | | securityContext | object | `{"runAsNonRoot":true,"runAsUser":9731}` | Common PodSecurityContext for all controllers | | serviceAccount | string | `"argo-events-sa"` | ServiceAccount to use for running controller. | diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index f0d83d2e..c25f9e5f 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -1,16 +1,26 @@ {{/* vim: set filetype=mustache: */}} + {{/* Expand the name of the chart. */}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "argo-events.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "argo-events.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo-events/templates/aggregate-roles.yaml b/charts/argo-events/templates/aggregate-roles.yaml new file mode 100644 index 00000000..6b1fc63a --- /dev/null +++ b/charts/argo-events/templates/aggregate-roles.yaml @@ -0,0 +1,83 @@ +{{- if and .Values.createAggregateRoles (not .Values.singleNamespace) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: {{ include "argo-events.fullname" . }}-aggregate-to-admin +rules: + - apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: {{ include "argo-events.fullname" . }}-aggregate-to-edit +rules: + - apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: {{ include "argo-events.fullname" . }}-aggregate-to-view +rules: + - apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index b6ea4d04..074a8fdf 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,3 +1,9 @@ +# -- String to partially override "argo-events.fullname" template +nameOverride: "" + +# -- String to fully override "argo-events.fullname" template +fullnameOverride: "" + # -- docker registry registry: quay.io @@ -36,6 +42,10 @@ additionalServiceAccountRules: resources: - customresourcedefinitions +# -- Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. +# Only applies for cluster-wide installation (`singleNamespace: true`) +createAggregateRoles: true + # -- Whether to run in namespaced scope. # Set `singleNamespace` to false to have the controllers # listen on all namespaces. Otherwise the controllers will listen